Privacy policy
Your privacy is important to us. It is Stuut, Inc.'s policy to respect your privacy regarding any information we may collect from you across our website and its associated applications, https://www.stuut.ai, and other sites we own and operate.
We only ask for personal information when we need it to provide a service to you. We also let you know why we’re collecting it and how it will be used. We only retain collected information for as long as necessary to provide you with your requested service. What data we store, we protect within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use, or modification.
We don’t share any personally-identifying information publicly or with third-parties, except when required to by law.
We may receive information about you in several different ways:
You May Share Information with Us
We may collect your name, mailing address, email address, phone number, username, password, employer/industry, professional occupation/title, and/or other information you directly give us on our website.For customers who have paid for access to Stuut’s software services, we may collect more information in order to set up user accounts and customer access (for example, customer company or office location information).
Information May be Shared with Us
We may get information about you from other sources. For example, if your employer is a Stuut customer, your employer may provide your name and email address in order for us to create your Stuut user account.
We May Collect Some Information Automatically
In order to improve our website and our services, we may collect information about the devices used to access our website and applications. For examples of information that may be collected automatically during your use of the website and any of our associated applications, we may collect: operating system, IP address, device type, browser type, pages accessed and activity on those pages.
SMS and Mobile Data
We do not sell or share mobile phone numbers or SMS opt-in information with third parties or affiliates for marketing or promotional purposes.
We may share this information only with service providers who help deliver our services. Text messaging
originator opt-in data and consent will not be shared with any third parties.
Links
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and practices of these sites, and cannot accept responsibility or liability for their respective privacy policies.
How we use cookies and other website navigational information
Stuut uses cookies to make your interactions on our Websites easy and meaningful. When you access our Websites, our servers send a cookie to your computer. Below is a description of the types of cookies we use and when and how you can control their use. In addition, if you are a Visitor to our Websites, you can use our cookie settings to opt out of cookies that are not “strictly necessary” to enable core site functionality, such as performance, functional and targeting cookies. If you do not want to receive cookies, you can also change your browser settings on your computer or other device you are using to access our services. Most browsers also provide functionality that lets you review and erase cookies.
Strictly Necessary Cookies — These cookies are necessary for the website to function. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
Performance Cookies — These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how Visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
Functional Cookies — These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Targeting Cookies — These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Social Media Cookies — These cookies allow us to count visits and traffic sources. They help us to know which pages you find the most and least popular. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
Personalized Tracking — These cookies allow us to count visits and traffic sources. They help us to know which pages you find the most and least popular. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
You can modify your cookie settings here.
Google Data & Workspace API Usage
Access to Google Data: We may access your Google account data with your explicit consent to provide or enhance features within our services. This could include accessing your Gmail data or other Google services, depending on the permissions you grant.
Purpose of Usage: Delivering the services you request. Improving your experience. Optimizing the functionality of integrated features.
Restricted Scopes Compliance: Any use of your Google data is strictly in accordance with Google’s API Services User Data Policy, including the guidelines for apps using restricted scopes. We do not use your Google data for purposes such as ad targeting, nor do we share this data with unauthorized third parties.
Retention of Google Data
Storage Duration: We retain your Google data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. If your data is used temporarily (e.g., for processing a request), it will be deleted promptly after the task is completed.
User Control: You have the right to disconnect your Google account and revoke access to your data at any time. Upon disconnection, we will delete any stored Google data unless it is necessary to retain it for compliance with legal obligations or for legitimate business purposes.
Secure Storage: Any Google data retained by us is encrypted and stored securely to prevent unauthorized access. We follow industry best practices to ensure your data is safe at all times.
Your Consent and Rights: By connecting your Google account to our services, you consent to the collection, use, and retention of your data as outlined above. You retain the right to review, modify, or request deletion of your data at any time.
We affirm that Google Workspace APIs are not used to develop, improve, or train generalized AI and/or ML models. Our application does not retain or use Google Workspace data about users to train generalized AI or ML models. If any Google user data is utilized, it is solely for personalized AI/ML models and not for generalized or non-personalized AI/ML models.
GDPR
This section applies to individuals locatedin the European Union (“EU”) and the United Kingdom (“UK”) and is provided in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”)and the UK GDPR.
Data Protection Officer (DPO)
We have appointed a Data Protection Officer(“DPO”) to oversee our data protection and privacy compliance activities.
DPO Contact Details
Name and title: Ben Winter, Data Protection Officer & COO
Email: Ben@Stuut.co
You may contact our DPO with questions regarding this privacy notice or the processing of your personal data.
EU and UK Representative
Our EU Representative:
Under Article 27 of the GDPR, we have appointed an EU Representative to act as our data protection agent. Our nominated EU Representative is :
Instant EU GDPR Representative Ltd.
Adam Brogden contact@gdprlocal.com
Tel +35315549700
INSTANT EU GDPR REPRESENTATIVE LTD
Office 2,
12A Lower Main Street, Lucan Co. Dublin
K78 X5P8
Ireland
Our UK Representative:
Under Article 27 of the UK Data Privacy Act, we have appointed a UK Representative to act as our data protection agent. Our nominated UK Representative is: GDPR Local Ltd.
Adam Brogden contact@gdprlocal.com
Tel +44 1772 217800
1st Floor Front Suite
27-29 North Street, Brighton
EnglandYour Rights Under GDPR
If you are located in the EU or UK, you have the following rights under the GDPR:
•Right of Access – to request access to personal data we hold about you.
•Right to Rectification – to request correction of inaccurate or incomplete personal data.
•Right to Erasure – to request deletion of your personal data where there is no lawful basis for continued processing.
•Right to Restriction of Processing – to request limitation of processing in certain circumstances.
•Right to Object to Processing – to object to processing based on legitimate interests.
•Right to Data Portability – to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
Requests may be submitted using the contact details above. We may require verification of identity before responding.
Purpose of Processing and Lawful Basis
As a B2B SaaS provider operating in the financial industry, we process personal data primarily in a business-to-business context. Personal data may relate to representatives of our customers, prospects, partners, or vendors.
Purposes of Processing
We process personal data for purposes including:
•Providing and operating our SaaS platform and AI-enabled services
•Account administration and customer support
•Security monitoring, fraud prevention, and risk management
•Product improvement, analytics, and system performance
•Compliance with legal, regulatory, and contractual obligations
Lawful Bases for Processing
We rely on one or more of the following lawful bases under Article 6 GDPR:
•Performance of a Contract – where processing is necessary to provide contracted services to our business customers
•Legal Obligation – where processing is required to meet applicable financial, regulatory, or compliance requirements
•Legitimate Interests – where processing supports our business operations, platform security, or service improvement and does not override your rights
•Consent – where explicitly obtained for specific purposes
Where processing is based on consent, consent may be withdrawn at any time.
Legitimate Interests
Where we process personal data based on legitimate interests, these interests may include:
•Ensuring platform integrity, availability, and cybersecurity
•Preventing fraud, misuse, or unauthorized access
•Improving AI models, system performance, and service reliability
We assess and balance these interests against the rights and freedoms of individuals. You may object to this processing at any time.
Data Sharing and Third Parties
We may share data with third parties where necessary to support our operations, including:
•AWS and Vercel for cloud hosting and system infrastructure
•HubSpot for storing customer contact information and website hosting
Third parties process personal data only under contractual obligations that require confidentiality, security, and GDPR-compliant safeguards.
We do not sell personal data.International Data Transfers
As a U.S.-based company, personal data may be transferred outside the EU or UK. Where such transfers occur, we implement appropriate safeguards, including:
•Standard Contractual Clauses (SCCs)
•Reliance on adequacy decisions, where applicable
Data Storage and Retention
Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, including compliance with legal, regulatory, and contractual requirements.
Retention periods are determined based on:
•The type of data
•The purpose of processing
•Applicable regulatory or financial record-keeping obligations
Data Security Measures
We maintain technical and organizational measures designed to protect personal data against unauthorized access, loss, alteration, or disclosure. These measures include:
•Role-based access controls and least-privilege access
•Encryption of data in transit and at rest
•Secure authentication mechanisms
•Continuous monitoring and logging
•Incident detection and response procedures
AI-Related Processing
Where AI technologies are deployed, data used to train AI systems may be anonymized or aggregated to prevent identification of individuals.
Children’s Data
Our services are intended for business use only. We do not knowingly collect or process personal data relating to children.
Complaints
You have the right to lodge a complaint with your local EU or UK data protection supervisory authority if you believe your personal data has been processed unlawfully.
Other
You are free to refuse our request for your personal information, with the understanding that we may be unable to provide you with some of your desired services.Our marketing communications allow you to opt out of receiving further marketing communications. When necessary, we may send customer and user account-related communications (“transactional” communications) after a marketing communication opt-out is received.
Your continued use of our website will be regarded as acceptance of our practices around privacy and personal information. If you have any questions about how we handle user data and personal information, feel free to contact us at legal@stuut.ai.This policy is effective as of 30 January 2025.
Updates to This Privacy Notice
We keep our privacy notice under regular review to make sure it is up to date and accurate.
